iknowyou/README.md

<div align="center">

<img alt="logo" src="./.github/assets/logo.png" width="120px" />

# I Know You

**Self-hosted OSINT aggregation platform**

Run dozens of open-source intelligence tools against a single target in parallel; all from one clean web interface.

[![Go](https://img.shields.io/badge/Go-1.25+-00ADD8?style=flat&logo=go)](https://go.dev)
[![Astro](https://img.shields.io/badge/Astro-Svelte-FF5D01?style=flat&logo=astro)](https://astro.build)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Self-hosted](https://img.shields.io/badge/deployment-self--hosted-blueviolet)](https://github.com/anotherhadi/iknowyou)

</div>

---

## What is it?

IKY (iknowyou) is a **self-hosted OSINT (Open-Source Intelligence) platform** that centralises reconnaissance tools into a single reactive web interface. Instead of juggling terminals, browser tabs, and disconnected CLI tools, you type a target once and get results streaming in real time.

Designed for security researchers, penetration testers, and OSINT investigators who need speed and visibility without compromising on control.

**Supported target types:** `email`, `username`, `domain`, `IP`, `phone`, ...

## Features

- **Parallel execution**: all tools run simultaneously; results stream in as they arrive
- **Profile system**: create named profiles to enable/disable specific tools or override their config per investigation type (quick recon vs. thorough sweep)
- **Per-tool configuration**: set API keys, rate limits, and options globally or per profile
- **Tool availability checks**: tools that depend on an external binary report their status; the interface shows which tools are ready, which need config, and which are unavailable
- **Search history**: completed searches are kept in memory; results can be reviewed without re-running
- **Extensible architecture**: adding a new tool is a single Go file implementing one interface, registered in one line
- **Production-ready**: The configuration is YAML-based and read-only mode is supported (for Nix-managed deployments). A NixOS module is available.

## Profiles

Profiles let you tailor which tools run and how, without touching the global config.

| Profile    | Type     | Description                                                                  |
| ---------- | -------- | ---------------------------------------------------------------------------- |
| `default`  | Built-in | All tools active, default settings                                           |
| `hard`     | Built-in | All tools active, including those that may leave traces at the target        |
| _(custom)_ | User     | Your own combination of enabled/disabled tools and per-tool config overrides |

Create and manage custom profiles from the **Profiles** page.

## Useful Links

- [See the list of tools](.github/docs/tools.md)
- [Learn how it works](.github/docs/how-it-works.md)
- [Learn how to contribute](.github/CONTRIBUTING.md)

## Deployment

<details>
<summary>Deploy on NixOS</summary>

1. In the `flake.nix` file, add `iknowyou` in the `inputs` section and import
   the `iknowyou.nixosModules.default` module:

```nix
{
    inputs = {
        iknowyou.url = "github:anotherhadi/iknowyou";
    };
    outputs = {
        # ...
        modules = [
            inputs.iknowyou.nixosModules.default
        ];
        # ...
    }
}
```

2. Enable the service:

```nix
services.iknowyou = {
    enable = true;
    port = 8080;
    openFirewall = true;
};
```

All tool dependencies are included automatically.

</details>

## Configuring

<details>
<summary>Via the web interface</summary>

No files needed. API keys, tool settings, and profiles can all be managed from the **Settings** page. Changes are written back to the config file automatically.

This only works if the config file is writable. On NixOS with a read-only store path, use one of the methods below instead.

</details>

<details>
<summary>Via a YAML file</summary>

Create `/etc/iky/config.yaml` (or any path, then point `IKY_CONFIG` to it):

```yaml
tools:
  github-recon:
    token: ghp_yourtoken
  whoisfreaks:
    api_key: yourkey
  ipinfo:
    token: yourtoken
  breachdirectory:
    api_key: yourkey

profiles:
  quick:
    enabled:
      - whois
      - dig
      - crt.sh
    disabled: []
```

Only include the tools you want to configure — everything else falls back to defaults.

</details>

<details>
<summary>Via Nix + sops-nix (NixOS)</summary>

API keys should never go in the Nix store (world-readable). Use [sops-nix](https://github.com/Mic92/sops-nix) to store the config file as an encrypted secret and have it decrypted at boot with the right permissions.

1. Add your IKY config to your sops-encrypted secrets file (e.g. `secrets/iky.yaml`):

```yaml
iky-config: |
  tools:
    github-recon:
      token: ghp_yourtoken
    whoisfreaks:
      api_key: yourkey
    ipinfo:
      token: yourtoken
  profiles:
    quick:
      enabled:
        - whois
        - dig
        - crt.sh
      disabled: []
```

2. Declare the secret and point the service to it:

```nix
sops.secrets."iky-config" = {
    owner = "iknowyou";
    mode = "0400";
    restartUnits = [ "iknowyou.service" ];
};

services.iknowyou = {
    enable = true;
    configFile = config.sops.secrets."iky-config".path;
};
```

The module creates the `iknowyou` group automatically and adds it as a supplementary group to the service, so the `DynamicUser` can read the secret without needing a static user.

</details>

## ⚠️ Legal Disclaimer

**IKY is intended for legal, authorized use only.**

This software is designed for:

- Security research on systems you own or have **explicit written permission** to test
- Penetration testing engagements conducted under a signed scope of work
- OSINT investigations carried out in compliance with applicable laws and regulations
- Educational purposes in controlled, isolated environments

**Using IKY against targets without prior authorization may be illegal** under computer fraud and privacy laws. The author(s) of IKY accept **no responsibility** for any misuse, damage, legal consequences, or harm caused by this software. By using IKY you agree that you are solely responsible for ensuring your use is lawful and ethical.

---

<div align="center">
  <a href="https://github.com/anotherhadi/iknowyou">github</a> |
  <a href="https://gitlab.com/anotherhadi_mirror/iknowyou">gitlab (mirror)</a> |
  <a href="https://git.hadi.icu/anotherhadi/iknowyou">gitea (mirror)</a>
</div>